hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tsz Wo (Nicholas), SZE (JIRA)" <j...@apache.org>
Subject [jira] Created: (HADOOP-1701) Provide a simple authentication service and a user management service
Date Thu, 09 Aug 2007 20:17:42 GMT
Provide a simple authentication service and a user management service
---------------------------------------------------------------------

                 Key: HADOOP-1701
                 URL: https://issues.apache.org/jira/browse/HADOOP-1701
             Project: Hadoop
          Issue Type: New Feature
            Reporter: Tsz Wo (Nicholas), SZE
            Assignee: Tsz Wo (Nicholas), SZE


In HADOOP-1298, we want to add user information and permission to the file system.  It requires
an authentication service and a user management service.  We should provide a framework and
a simple implementation in issue and extend it later.  As discussed in HADOOP-1298, the framework
should be extensible and pluggable.

- Extensible: possible to extend the framework to the other parts (e.g. map-reduce) of Hadoop.

- Pluggable: can easily switch security implementations.  Below is a diagram borrowed from
Java.

!http://java.sun.com/javase/6/docs/technotes/guides/security/overview/images/3.jpg!

- Implement a Hadoop authentication center (HAC).  In the first step, the mechanism of HAC
is very simple, it keeps track a list of usernames (we only support users, will work on other
principals later) in HAC and verify username in user login (yeah, no password).  HAC can run
inside NameNode or run as a stand alone server.   We will probably use Kerberos to provide
more sophisticated authentication service.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message